Our SDK supports an Access Token feature which allows MiniApps to access permitted APIs and an interface where the Host App can provide an Access Token to a MiniApp.
For example with login (auto login), some MiniApps wish to utilize Access Token from login SDKs APIs, however the Host App does not allow full, open-ended access. In this case, the scope may be controlled utilizing an Access Token.
Note: Currently, This feature is available with Rakuten internal APIs. If you wish to utilize this feature in your MiniApp or to confirm if your scope is supported, plaes contact us (coming soon) . The MiniApp can also specify the "audience" (services such as RAE, API-C, etc.) and "scopes" (scopes accessible by the Access Token such as user info, points, ranking, purchase history, etc).
Feature and Benefits for End Users:
- Send secure requests without hassle after an Access Token is approved
- Improved performance and simplicity
- A single Access Token can be used for multiple servers and authentication is needed only a single time.
- Hide and protect user information
Feature and Benefits for Business:
- Host app can approve or deny MiniApp requests
- Only authenticated MiniApp IDs can request data
- Access Token scope - Limit and control access
- Built-in error system and formatted error keys
- May include multiple audiences and scopes in your MiniApp
Integrating User info:
- End user must grant data sharing permissions.
- The MiniApp SDK will handle a check to ensure permission has been previously granted. If permission was denied, the functions will not be called in your MiniApp.
For more information about access token and other details, please check the technical documentation here